On 04/05/2015 08:35 PM, H.J. Lu wrote:
On Sun, Apr 5, 2015 at 6:44 PM, Sandra Loosemore
<san...@codesourcery.com> wrote:
[snip snip]
To tell the truth, I can't figure out what this means from a user
perspective. How does a user know whether the linker option is being
ignored, or if they have a new enough linker? If the linker available at
configuration time doesn't support the option, does that mean the option
will never be passed and users will never know that there are gaping holes
in the pointer bounds checking?
My suggestion would be to pass the option unconditionally and make the
documentation say something like
I totally agree with it.
It also passes @option{-z bndplt} to the linker. LD version xxx or later is
required to use this feature. If no linker support for @option{-z bndplt}
is available, you should link with @option{-static-libmpxwrappers} or
@option{-static} instead; otherwise calls to dynamic libraries lose bounds
checking protection.
This implies that -static-libmpxwrappers will cover all dynamic libraries,
which isn't true. -static-libmpxwrappers only covers calls to functions
defined in libmpxwrappers.so and leaves calls to functions defined in
other dynamic libraries open to buffer overflow.
See, I said I didn't really understand the details. ;-) Just strike
the reference to -static-libmpxwrappers entirely, then.
-Sandra
